CVEs from 2016
Total
8,454
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0447 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confident… | |||
| CVE-2016-0445 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confident… | |||
| CVE-2016-0417 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.2 allows local users to affect confidentiality, integrity, and availability via vectors relat… | |||
| CVE-2016-0411 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1 and 11.2.0.4 allows local users to affect confidentiality, integrity, an… | |||
| CVE-2016-10376 | medium | 4.5 | 4.5 | 9y ago | Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypte… | |||
| CVE-2016-5991 | medium | 4.5 | 4.5 | 10y ago | IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors. | |||
| CVE-2016-8287 | medium | 4.5 | 4.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. | |||
| CVE-2016-4381 | medium | 4.5 | 4.5 | 10y ago | HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended ac… | |||
| CVE-2016-3429 | medium | 4.5 | 4.5 | 10y ago | Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote authenticated users to affect confidentia… | |||
| CVE-2016-6246 | medium | 4.4 | 4.4 | 9y ago | OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) … | |||
| CVE-2016-4492 | medium | 4.4 | 4.4 | 9y ago | Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary. | |||
| CVE-2016-4686 | medium | 4.4 | 4.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocatio… | |||
| CVE-2016-6648 | medium | 4.4 | 4.4 | 10y ago | EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissi… | |||
| CVE-2016-3034 | medium | 4.4 | 4.4 | 10y ago | IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. | |||
| CVE-2016-3016 | medium | 4.4 | 4.4 | 10y ago | IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker… | |||
| CVE-2016-8327 | medium | 4.4 | 4.4 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to explo… | |||
| CVE-2016-8006 | medium | 4.4 | 4.4 | 10y ago | Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an adminis… | |||
| CVE-2016-7091 | medium | 4.4 | 4.4 | 10y ago | sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclos… | |||
| CVE-2016-4412 | medium | 4.4 | 4.4 | 10y ago | An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the u… | |||
| CVE-2016-7421 | medium | 4.4 | 4.4 | 10y ago | The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by… | |||
| CVE-2016-7170 | medium | 4.4 | 4.4 | 10y ago | The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via… | |||
| CVE-2016-7157 | medium | 4.4 | 4.4 | 10y ago | The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU … | |||
| CVE-2016-7156 | medium | 4.4 | 4.4 | 10y ago | The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by lev… | |||
| CVE-2016-7155 | medium | 4.4 | 4.4 | 10y ago | hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page … | |||
| CVE-2016-6888 | medium | 4.4 | 4.4 | 10y ago | Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the max… | |||
| CVE-2016-6834 | medium | 4.4 | 4.4 | 10y ago | The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash… | |||
| CVE-2016-6833 | medium | 4.4 | 4.4 | 10y ago | Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance cr… | |||
| CVE-2016-6490 | medium | 4.4 | 4.4 | 10y ago | The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero … | |||
| CVE-2016-9104 | medium | 4.4 | 4.4 | 10y ago | Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service … | |||
| CVE-2016-8222 | medium | 4.4 | 4.4 | 10y ago | A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mo… | |||
| CVE-2016-8224 | medium | 4.4 | 4.4 | 10y ago | A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Managem… | |||
| CVE-2016-8290 | medium | 4.4 | 4.4 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-… | |||
| CVE-2016-5584 | medium | 4.4 | 4.4 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security… | |||
| CVE-2016-7097 | medium | 4.4 | 4.4 | 10y ago | The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a set… | |||
| CVE-2016-7423 | medium | 4.4 | 4.4 | 10y ago | The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (ou… | |||
| CVE-2016-7909 | medium | 4.4 | 4.4 | 10y ago | The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1)… | |||
| CVE-2016-7908 | medium | 4.4 | 4.4 | 10y ago | The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators t… | |||
| CVE-2016-7907 | medium | 4.4 | 4.4 | 10y ago | The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators t… | |||
| CVE-2016-7442 | medium | 4.4 | 4.4 | 10y ago | The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in … | |||
| CVE-2016-7397 | medium | 4.4 | 4.4 | 10y ago | The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in t… | |||
| CVE-2016-1242 | medium | 4.4 | 4.4 | 10y ago | file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary file… | |||
| CVE-2016-5105 | medium | 4.4 | 4.4 | 10y ago | The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest admi… | |||
| CVE-2016-3488 | medium | 4.4 | 4.4 | 10y ago | Unspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows local users to affect integrity via unknown vectors. | |||
| CVE-2016-3480 | medium | 4.4 | 4.4 | 10y ago | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect confidentiality via vectors related to HA for Postgresql. | |||
| CVE-2016-3287 | medium | 4.4 | 4.4 | 10y ago | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative acc… | |||
| CVE-2016-5087 | medium | 4.4 | 4.4 | 10y ago | Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or chan… | |||
| CVE-2016-5238 | medium | 4.4 | 4.4 | 10y ago | The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from t… | |||
| CVE-2016-4453 | medium | 4.4 | 4.4 | 10y ago | The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. | |||
| CVE-2016-0674 | medium | 4.4 | 4.4 | 10y ago | Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality and integrity via vectors related to Email. | |||
| CVE-2016-0667 | medium | 4.4 | 4.4 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking. | |||
| CVE-2016-0444 | medium | — | 4.4 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confident… | |||
| CVE-2016-0757 | medium | 4.3 | 4.3 | 4y ago | OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload… | |||
| CVE-2016-6024 | medium | 4.3 | 4.3 | 9y ago | IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868. | |||
| CVE-2016-2976 | medium | 4.3 | 4.3 | 9y ago | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936. | |||
| CVE-2016-2966 | medium | 4.3 | 4.3 | 9y ago | IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847. | |||
| CVE-2016-0358 | medium | 4.3 | 4.3 | 9y ago | IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928. | |||
| CVE-2016-2977 | medium | 4.3 | 4.3 | 9y ago | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937. | |||
| CVE-2016-2969 | medium | 4.3 | 4.3 | 9y ago | IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850. | |||
| CVE-2016-2959 | medium | 4.3 | 4.3 | 9y ago | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID: 113804. | |||
| CVE-2016-10503 | medium | 4.3 | 4.3 | 9y ago | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. I… | |||
| CVE-2016-2970 | medium | 4.3 | 4.3 | 9y ago | IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851. | |||
| CVE-2016-6018 | medium | 4.3 | 4.3 | 9y ago | IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force … | |||
| CVE-2016-9700 | medium | 4.3 | 4.3 | 9y ago | IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. | |||
| CVE-2016-7823 | medium | 4.3 | 4.3 | 9y ago | Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-7801 | medium | 4.3 | 4.3 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. | |||
| CVE-2016-4910 | medium | 4.3 | 4.3 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. | |||
| CVE-2016-4909 | medium | 4.3 | 4.3 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. | |||
| CVE-2016-4908 | medium | 4.3 | 4.3 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. | |||
| CVE-2016-8987 | medium | 4.3 | 4.3 | 9y ago | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view. | |||
| CVE-2016-3051 | medium | 4.3 | 4.3 | 9y ago | IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714. | |||
| CVE-2016-4863 | medium | 4.3 | 4.3 | 9y ago | The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series… | |||
| CVE-2016-9735 | medium | 4.3 | 4.3 | 9y ago | IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781, | |||
| CVE-2016-8030 | medium | 4.3 | 4.3 | 9y ago | A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer… | |||
| CVE-2016-4841 | medium | 4.3 | 4.3 | 9y ago | Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. | |||
| CVE-2016-9978 | medium | 4.3 | 4.3 | 9y ago | IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. | |||
| CVE-2016-8923 | medium | 4.3 | 4.3 | 9y ago | IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that th… | |||
| CVE-2016-3733 | medium | 4.3 | 4.3 | 9y ago | Moodle Improper Access Control | |||
| CVE-2016-3732 | medium | 4.3 | 4.3 | 9y ago | Moodle sensitive information disclosure | |||
| CVE-2016-4844 | medium | 4.3 | 4.3 | 9y ago | Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. | |||
| CVE-2016-4842 | medium | 4.3 | 4.3 | 9y ago | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. | |||
| CVE-2016-1220 | medium | 4.3 | 4.3 | 9y ago | Cybozu Garoon before 4.2.2 does not properly restrict access. | |||
| CVE-2016-4873 | medium | 4.3 | 4.3 | 9y ago | Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. | |||
| CVE-2016-4872 | medium | 4.3 | 4.3 | 9y ago | Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. | |||
| CVE-2016-4868 | medium | 4.3 | 4.3 | 9y ago | Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. | |||
| CVE-2016-4867 | medium | 4.3 | 4.3 | 9y ago | Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. | |||
| CVE-2016-8926 | medium | 4.3 | 4.3 | 9y ago | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539. | |||
| CVE-2016-8720 | medium | 4.3 | 4.3 | 9y ago | An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can i… | |||
| CVE-2016-4320 | medium | 4.3 | 4.3 | 9y ago | Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. | |||
| CVE-2016-10221 | medium | 4.3 | 4.3 | 9y ago | The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF docume… | |||
| CVE-2016-9464 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users a… | |||
| CVE-2016-9462 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying wheth… | |||
| CVE-2016-9461 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on… | |||
| CVE-2016-8973 | medium | 4.3 | 4.3 | 9y ago | IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960. | |||
| CVE-2016-2406 | medium | 4.3 | 4.3 | 9y ago | The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by l… | |||
| CVE-2016-9730 | medium | 4.3 | 4.3 | 9y ago | IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trus… | |||
| CVE-2016-7759 | medium | 4.3 | 4.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive informati… | |||
| CVE-2016-7592 | medium | 4.3 | 4.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7581 | medium | 4.3 | 4.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted U… | |||
| CVE-2016-6190 | medium | 4.3 | 4.3 | 9y ago | SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the… | |||
| CVE-2016-6189 | medium | 4.3 | 4.3 | 9y ago | Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. |